General
Target: StOMW0ci.dll
Size: 2.5MB
Sample: 220926-qm7djsahd3
MD5: 30f0b4c68317a320227389dc671e32c2
SHA1: 4cc428c3355504fbc7fa68ab44c4f8c43938adc1
SHA256: 0213a0d183b593976c20511515be077f94595a3993bfc496e9c4783a506c147e
SHA512: 9f8f9651189a84f9177d2ac14bb73f563f549127e5b5700892127911f93edfb5f80a40469eefa37d0baa2073c47c9b5d01d47cee831fa704ac77d1972bedf746
SSDEEP: 49152:/UV3vnVxDtgL47ZbH8TGN8DC9Vj7iRJrd1skW3/gsykrC+PhqJlT89i3FCQuweF7:SVNtSYZbH8TGNYC9Vj7iRJrbskg/gsya
Static task: static1
Behavioral task: behavioral1
Sample: StOMW0ci.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: StOMW0ci.dll
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: StOMW0ci.dll
Score: 9/10
Enumerates VirtualBox registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Looks for VirtualBox Guest Additions in registry
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtCreateThreadExHideFromDebugger